Media Coverage

Millions use Amazon to shop, and many are used to receiving emails from the company. But the ABC 7 I-Team investigated emails that look like they could be from Amazon but are not.

It took years of discussion and several revisions, but experts believe the long-awaited passage of Australia’s breach notification legislation will kick off a new era of transparency that will rapidly improve understanding of the country’s real cybersecurity threat climate. The enabling legislation – contained within the Privacy Amendment (Notifiable Data Breaches) Bill 2016 – passed both houses of Parliament after a series of readings since it was first formally introduced to Parliament last October. But the process of authoring, revising and discussing the legislation stretches back several years, with one security executive after another warning that continued inaction was hobbling Australia’s ability to improve its overall cybersecurity posture.

Trustwave announced at RSA Conference 2017 new and enhanced managed security and professional services designed to help short-circuit an attacker’s activities by detecting cybersecurity threats much earlier and shutting them down before real damage is done.

Rapid7 and Trustwave in their articles will explain how crucial the connection between Incident Response and Penetration Testing is, while Kroll will show you practical examples of attack response. We hope you will enjoy these contributions , prepared for you by world-wide corporations.

Trustwave does everything I can think of for security. The team that I’m a part of is the incident response team, and we’re within a bigger team called SpiderLabs. I tell my kids, “I work at SpiderLabs and I fight cybercrime, the bad guys.” And they absolutely love it.

The security of internet infrastructure devices like routers and wireless access points, along with all kinds of devices that connect through them, has been of particular concern lately. Recent distributed denial of service (DDoS) attacks have originated in Internet of Things (IoT) devices, for example, and a slowdown in such issues doesn’t seem imminent.

For the past half year Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it's still not done. The vulnerability was discovered by Simon Kenin, a security researcher at Trustwave, and stems from a faulty password recovery implementation in the firmware of many Netgear routers. It is a variation of an older vulnerability that has been publicly known since 2014, but this new version is actually easier to exploit.

Simon Kenin, a security researcher at Trustwave, was – by his own admission – being lazy the day he discovered an authentication vulnerability in his Netgear router. Instead of getting up out of bed to address a connection problem, he started fuzzing the web interface and discovered a serious issue. Kenin had hit upon unauth.cgi, code that was previously tied to two different exploits in 2014 for unauthenticated password disclosure flaws.

Distributed denial of service (DDoS) attacks are increasingly being used to distract businesses and insecure Internet of Things (IoT) devices became the favoured mechanism for launching the attacks during 2016, according to a new analysis of the past year’s DDoS attack trends.

The Trump administration’s proposed clampdown on foreign-worker visas is expected to boost demand for tech professionals at home, as The Wall Street Journal reported this week.

According to Trustwave, a well-known Russian cybercrime group called Carbanak has been targeting the hospitality and retail industry in Europe and North America. The group is said to be specifically targeting internal corporate secrets and payment card data.

Today's cyber-threats present challenges for even the most tech-savvy IT executives in the most tech-savvy organizations. It's not news that the volume and velocity of threats continue to grow. At the center of the problem? Recruiting and retaining the security talent necessary to mitigate and minimize cyber-risks.

The infamous Carbanak gang may have been using Google cloud services as command and control infrastructure for malware embedded in malicious Office documents.

While security challenges often seem limitless, the resources that organizations have on hand to combat them are not. Security firm Trustwave issued a new report on Jan. 18 looking at the state of IT resources and staffing challenges titled, ""Money, Minds and the Masses.""

The Carbanak cyber criminal gang is abusing Google’s infrastructure as a conduit for botnet control. The gang became notorious when it was blamed for the theft of one billion dollars from more than 100 banks across 30 countries back in 2015. Fast-forward two years and Carbanak is now infecting users via a script that will send and receive commands to and from Google Apps and Google Forms services.

A major Canadian corporation is among those in the hospitality industry in several countries whose financial activities have been compromised by a Microsoft Word-based macro attack that appears to be orchestrated by criminal groups working together, according to a security vendor. Read more: http://www.itworldcanada.com/article/canadian-enterprise-among-victims-of-macro-based-malware-attack/390012#ixzz4XGPqmvAg or visit http://www.itworldcanada.com for more Canadian IT News

Months of ramped up Carbanak activity that includes a new host of targets and new command and control strategy has reinvigorated attention on a criminal outfit that may have at one time stolen up to $1 billion from banks worldwide.

There are many reasons why IT professionals can be fired, but six out of the top nine are related to security, said a survey released this morning. For example, having a tech investment that leads to a security breach was considered a fireable offense by 39 percent of organizations, according to Osterman Research, which conducted the survey.

The Carbanak cybergang has been spotted using Google for its malware command-and-control channel. Forcepoint Security Labs researchers said the group is hiding in plain site by is using Google as an independent command and control channel since Google is likely to be more successful than using newly created domains or domains with no reputation.

Fraudsters, aware of the scope of the Payment Card Industry data security standards, increasingly deploy fraud methods that fall outside of PCI safety.

As Deep Throat said to Woodward and Bernstein, “follow the money,” and you will see who is doing what, when, how and maybe even why. In the old days, that was walking on foot to the laundromats that were literally and figuratively serving as fronts to launder money obtained from illicit activities. In a digital world, it’s not that easy. “Laundromats” can take any digital form, and following the money is a web of digital phony storefronts — and more — that engage in transaction laundering activities.